[Owasp-leaders] CSRF

Gunnar Peterson gunnar at arctecgroup.net
Tue May 28 22:24:24 UTC 2013


three things come to mind

1. if you have a large enough pool of users and want to brute force

2. or simply try and lock out a bunch of users, and force them to a weaker scheme (questions) that you can wedge into

3. if the site caches creds somewhere and you can reinstantiate that way

-gunnar



On May 28, 2013, at 5:17 PM, Eoin wrote:

> Does CSRF ing a login page make sense to anyone :)
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 



More information about the OWASP-Leaders mailing list